
3. Server is capable of communication on the Internet without constraints, that is with any remote network service;

iptables -P FOWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

Is it ok? Where is the problem?

Hello olip15. Happy new year and thank you for writing. Nice great wall of fire you've built, hehe.

I have not had the opportunity to sit and practice iptables. I've read a book about it but I do not completely understand it yet.
Regarding the rules, if it's a copy-paste from any configuration file, the only mistake I can see is a typographical error.

Where it says:

Code:

iptables -P FOWARD ACCEPT

It should say:

Code:

iptables -P FORWARD ACCEPT

Now, if I remember correctly:

1.

Code:

iptables -F

Erases everything

Code:

iptables -A OUTPUT -p udp --dport 68 -j ACCEPT

Appends a rule that tells your computer that every udp communication leaving your computer getting to port 68 is accepted.

"-p, --protocol [!] protocol
The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted."

"-P, --policy chain target
Set the policy for the chain to the given target. See the section TARGETS for the legal targets. Only built-in (non-user-defined) chains can have policies, and neither built-in nor user-defined chains can be policy targets."
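
An added example (not from the thread, and not part of iptables): a small POSIX shell lint that catches the chain-name typo pointed out above before a ruleset is loaded, by checking each `-P` line against the built-in chains of its table and the ACCEPT/DROP policy targets. The function names and the sample ruleset are constructed for illustration; it assumes one iptables command per line.

```shell
#!/bin/sh
# Lint "iptables -P" lines: the chain must be a built-in chain of the selected
# table and the policy must be ACCEPT or DROP. Assumes the default table "filter".

# Built-in chains of each table, as listed in the iptables man page.
builtin_chains() {
    case "$1" in
        filter|security) echo "INPUT FORWARD OUTPUT" ;;
        nat)             echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle)          echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)             echo "PREROUTING OUTPUT" ;;
    esac
}

# Reads a ruleset on stdin, prints one finding per problem, returns 1 if any.
check_policies() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f          # split into words without globbing
        [ "${1:-}" = "iptables" ] || continue
        table=filter; chain=; target=; seen=0
        while [ $# -gt 0 ]; do
            case "$1" in
                -t|--table)  table=${2:-} ;;
                -P|--policy) seen=1; chain=${2:-}; target=${3:-} ;;
            esac
            shift
        done
        [ "$seen" -eq 1 ] || continue
        case " $(builtin_chains "$table") " in
            *" ${chain:-?} "*) ;;
            *) echo "line $n: '$chain' is not a built-in chain of table '$table'"; bad=1 ;;
        esac
        case "$target" in
            ACCEPT|DROP) ;;
            *) echo "line $n: policy '$target' is not ACCEPT or DROP"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample: the commands quoted in this thread, typo included.
sample_ruleset() {
    printf '%s\n' 'iptables -F' 'iptables -P FOWARD ACCEPT' 'iptables -P INPUT ACCEPT' \
        'iptables -P OUTPUT ACCEPT' 'iptables -A OUTPUT -p udp --dport 68 -j ACCEPT'
}

sample_ruleset | check_policies || echo "ruleset has invalid policy lines"
```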